57 matches found
EUVD-2022-2568
Malicious code in bioql PyPI...
EUVD-2022-3446
Malicious code in bioql PyPI...
CVE-2022-25202
Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name of custom promotion levels, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission...
org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) potentially affected by CVE-2021-21641 via org.jenkins-ci.plugins:promoted-builds (=2.17)
org.jenkins-ci.plugins:promoted-builds MAVEN version =2.17 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:promoted-builds and may be impacted: org.jenkins-ci.plugins:buildgraph-view =1.3.1, =1.8. Source CVEs: CVE-2021-21641...
GHSA-7J66-WVHR-M83X Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types
Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters. This results in stored cross-site scripting (XSS) vulnerabilities exploitable by attackers with Item/Configure permission. Exploitation of thi...
CVE-2022-30965
Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30965
Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Cross site scripting
Jenkins Promoted Builds Simple Plugin 1.9 and earlier does not escape the name and description of Promotion Level parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-30965
Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier is affected by a stored XSS vulnerability due to not escaping the name and description of Promotion Level parameters on views that display parameters. Exploitation requires Item/Configure permission. The issue is documented across multiple s...
PT-2022-20421 · Jenkins · Jenkins Promoted Builds (Simple) Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Promoted Builds Simple Plugin versions 1.9 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the name and description of Promotion Level parameters on views displaying...
Jenkins Promoted Builds (Simple) Plugin cross-site scripting vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site scripting vulnerability exist...
GHSA-9RX5-W522-5FH7 Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions...
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allows an attacker with read access to jobs to perform promotions...
org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) potentially affected by CVE-2018-1000114 via org.jenkins-ci.plugins:promoted-builds (=2.17)
org.jenkins-ci.plugins:promoted-builds MAVEN version =2.17 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:promoted-builds and may be impacted: org.jenkins-ci.plugins:buildgraph-view =1.3.1, =1.8. Source CVEs: CVE-2018-1000114...
org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) potentially affected by CVE-2022-29049 via org.jenkins-ci.plugins:promoted-builds (=2.17)
org.jenkins-ci.plugins:promoted-builds MAVEN version =2.17 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:promoted-builds and may be impacted: org.jenkins-ci.plugins:buildgraph-view =1.3.1, =1.8. Source CVEs: CVE-2022-29049...
GHSA-V98R-GJGC-M9PF Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...
org.jenkins-ci.plugins:buildgraph-view (>=1.3.1 <=1.8) potentially affected by CVE-2022-29045 via org.jenkins-ci.plugins:promoted-builds (=2.17)
org.jenkins-ci.plugins:promoted-builds MAVEN version =2.17 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:promoted-builds and may be impacted: org.jenkins-ci.plugins:buildgraph-view =1.3.1, =1.8. Source CVEs: CVE-2022-29045...
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
Jenkins promoted builds Plugin provides dedicated support for defining promotions using Job DSL Plugin. promoted builds Plugin 873.v6149dbd64130 and earlier does not validate the names of promotions defined in Job DSL. This allows attackers with Job/Configure permission to create a promotion with...
CVE-2022-29045
Jenkins promoted builds Plugin 873.v6149dbd64130 and earlier, except 3.10.1, does not escape the name and description of Promoted Build parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...